Wordfence Intelligence Weekly WordPress Vulnerability Report (November 20, 2023 to November 26, 2023)
🎉Wordfence just launched its bug bounty program. For the first 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now!
Last week, there were 115 vulnerabilities disclosed in 87 WordPress Plugins and 1 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 39 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.
Enterprises, Hosting Providers, and even Indivudals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 12,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
Total Unpatched & Patched Vulnerabilities Last Week
| Patch Status | Number of Vulnerabilities |
| Unpatched | 39 |
| Patched | 76 |
Total Vulnerabilities by CVSS Severity Last Week
| Severity Rating | Number of Vulnerabilities |
| Low Severity | 3 |
| Medium Severity | 90 |
| High Severity | 18 |
| Critical Severity | 4 |
Total Vulnerabilities by CWE Type Last Week
| Vulnerability Type by CWE | Number of Vulnerabilities |
| Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 33 |
| Cross-Site Request Forgery (CSRF) | 26 |
| Missing Authorization | 21 |
| Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | 7 |
| Unrestricted Upload of File with Dangerous Type | 5 |
| Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) | 4 |
| Information Exposure | 3 |
| Protection Mechanism Failure | 2 |
| Improper Authorization | 2 |
| Guessable CAPTCHA | 2 |
| Improper Privilege Management | 1 |
| Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’) | 1 |
| Improper Control of Generation of Code (‘Code Injection’) | 1 |
| Authorization Bypass Through User-Controlled Key | 1 |
| Exposure of Sensitive Data Through Data Queries | 1 |
| Authentication Bypass Using an Alternate Path or Channel | 1 |
| URL Redirection to Untrusted Site (‘Open Redirect’) | 1 |
| Unverified Password Change | 1 |
| Incorrect Privilege Assignment | 1 |
| Use of Less Trusted Source | 1 |
Researchers That Contributed to WordPress Security Last Week
| Researcher Name | Number of Vulnerabilities |
| István Márton (Wordfence Vulnerability Researcher) |
14 |
| Rafie Muhammad | 10 |
| Nguyen Xuan Chien | 9 |
| Abdi Pranata | 7 |
| Dave Jong | 6 |
| Mika | 4 |
| Dmitrii Ignatyev | 4 |
| Dimas Maulana | 3 |
| Joshua Chan | 3 |
| Jesse McNeil | 3 |
| thiennv | 3 |
| Ngô Thiên An (ancorn_) | 2 |
| Donato Di Pasquale | 2 |
| Francesco Marano | 2 |
| Dateoljo of BoB 12th | 2 |
| Abu Hurayra (HurayraIIT) | 2 |
| Arvandy | 2 |
| qilin_99 | 2 |
| Skalucy | 2 |
| lttn | 1 |
| Joost Grunwald | 1 |
| Bob Matyas | 1 |
| SeungYongLee | 1 |
| Tien fromVNPT-VCI | 1 |
| DoYeon Park (p6rkdoye0n) | 1 |
| Le Ngoc Anh | 1 |
| Vladislav Pokrovsky (ΞX.MI) | 1 |
| Song Hyun Bae | 1 |
| resecured.io | 1 |
| Naveen Muthusamy | 1 |
| Luqman Hakim Y | 1 |
| minhtuanact | 1 |
| Muhammad Daffa | 1 |
| Myungju Kim | 1 |
| Francesco Carlucci | 1 |
| Huynh Tien Si | 1 |
| Marco Wotschka (Wordfence Vulnerability Researcher) |
1 |
| Phd | 1 |
| Alex Sanford | 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.
WordPress Plugins with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
| AI ChatBot | chatbot |
| ARI Stream Quiz – WordPress Quizzes Builder | ari-stream-quiz |
| Abandoned Cart Lite for WooCommerce | woocommerce-abandoned-cart |
| Accept Stripe Payments | stripe-payments |
| Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) | wp-analytify |
| Auto Affiliate Links | wp-auto-affiliate-links |
| Autocomplete Location field Contact Form 7 | autocomplete-location-field-contact-form-7 |
| Availability Calendar | availability-calendar |
| Awesome Support – WordPress HelpDesk & Support Plugin | awesome-support |
| BackWPup – WordPress Backup Plugin | backwpup |
| BlossomThemes Email Newsletter | blossomthemes-email-newsletter |
| Booster for WooCommerce | woocommerce-jetpack |
| Bootstrap Shortcodes Ultimate | bs-shortcode-ultimate |
| Broken Link Checker for YouTube | broken-link-checker-for-youtube |
| Bulk Comment Remove | bulk-comment-remove |
| Captcha Code | captcha-code-authentication |
| CataBlog | catablog |
| Chatbot for WordPress ⚡️ | collectchat |
| Community by PeepSo – Social Network, Membership, Registration, User Profiles | peepso-core |
| Consensu.io | Conformidade e Consentimento de Cookies para LGPD | consensu-io |
| Contact Form Email | contact-form-to-email |
| Contact Form to Any API | contact-form-to-any-api |
| Debug Log Manager | debug-log-manager |
| Display Custom Post | display-custom-post |
| Drop Shadow Boxes | drop-shadow-boxes |
| Easy Social Feed – Social Photos Gallery – Post Feed – Like Box | easy-facebook-likebox |
| Easy Social Icons | easy-social-icons |
| EventPrime – Events Calendar, Bookings and Tickets | eventprime-event-calendar-management |
| Events Manager | events-manager |
| Export any WordPress data to XML/CSV | wp-all-export |
| Fast Custom Social Share by CodeBard | fast-custom-social-share-by-codebard |
| File Manager – 100% Free & Open Source File Manager Plugin for WordPress | Bit File Manager | file-manager |
| Floating Action Button | floating-action-button |
| Frontier Post | frontier-post |
| Grab & Save | save-grab |
| HUSKY – Products Filter for WooCommerce Professional | woocommerce-products-filter |
| Hide login page, Hide wp admin – stop attack on login page | hide-login-page |
| Import Spreadsheets from Microsoft Excel | import-spreadsheets-from-microsoft-excel |
| Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages | page-builder-add |
| League Table | league-table-lite |
| License Manager for WooCommerce | license-manager-for-woocommerce |
| Link Whisper Free | link-whisper |
| Login Lockdown – Protect Login Form | login-lockdown |
| Mail Bank – #1 Mail SMTP Plugin for WordPress | wp-mail-bank |
| Maspik – Spam Blacklist | contact-forms-anti-spam |
| MyBookTable Bookstore by Stormhill Media | mybooktable |
| Parallax Image | parallax-image |
| Parcel Pro | woo-parcel-pro |
| PayTR Taksit Tablosu – WooCommerce | paytr-taksit-tablosu-woocommerce |
| Perfmatters | perfmatters |
| Porto Theme – Functionality | porto-functionality |
| Post Meta Data Manager | post-meta-data-manager |
| Preloader for Website | preloader-for-website |
| Quttera Web Malware Scanner | quttera-web-malware-scanner |
| Salon booking system | salon-booking-system |
| Seraphinite Post .DOCX Source | seraphinite-post-docx-source |
| Simple Testimonials Showcase | simple-testimonials-showcase |
| Simply Exclude | simply-exclude |
| SpiderVPlayer | player |
| Super Progressive Web Apps | super-progressive-web-apps |
| Tainacan | tainacan |
| Taxonomy filter | taxonomy-filter |
| Team Members – A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and More | gs-team-members |
| TextMe SMS | textme-sms-integration |
| The Events Calendar | the-events-calendar |
| Theme Editor | theme-editor |
| Theme My Login 2fa | tml-2fa |
| TriPay Payment Gateway | tripay-payment-gateway |
| UPS, Mondial Relay & Chronopost for WooCommerce – WCMultiShipping | wc-multishipping |
| UserPro – Community and User Profile WordPress Plugin | userpro |
| Video PopUp | video-popup |
| WC Vendors – WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors | wc-vendors |
| WCFM Marketplace – Best Multivendor Marketplace for WooCommerce | wc-multivendor-marketplace |
| WP ALL Export Pro | wp-all-export-pro |
| WP Child Theme Generator | wp-child-theme-generator |
| WP Githuber MD – WordPress Markdown Editor | wp-githuber-md |
| WP Mail Log | wp-mail-log |
| WP Roadmap – Product Feedback Board | wp-roadmap |
| Widgets for Google Reviews | wp-reviews-plugin-for-google |
| WordPress Gallery Plugin – NextGEN Gallery | nextgen-gallery |
| WordPress Job Board and Recruitment Plugin – JobWP | jobwp |
| WordPress Pinterest Plugin – Make a Popup, User Profile, Masonry and Gallery Layout | gs-pinterest-portfolio |
| Yoast SEO | wordpress-seo |
| eDoc Employee Job Application – Best WordPress Job Manager for Employees | edoc-employee-application |
| myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin | mycred |
| salient-core | salient-core |
| wpForo Forum | wpforo |
WordPress Themes with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
| Enfold – Responsive Multi-Purpose Theme | enfold |
Vulnerability Details
Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.
UserPro <= 5.1.1 – Authentication Bypass to Administrator
Affected Software: UserPro – Community and User Profile WordPress Plugin
CVE ID: CVE-2023-2437
CVSS Score: 9.8 (Critical)
Researcher/s: István Márton
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b3cf9f38-c20e-40dc-a7a1-65b0c6ba7925
CVE ID: CVE-2023-2437
CVSS Score: 9.8 (Critical)
Researcher/s: István Márton
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b3cf9f38-c20e-40dc-a7a1-65b0c6ba7925
UserPro <= 5.1.1 – Insecure Password Reset Mechanism
Affected Software: UserPro – Community and User Profile WordPress Plugin
CVE ID: CVE-2023-2449
CVSS Score: 9.8 (Critical)
Researcher/s: István Márton
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/de9be7bc-4f8a-4393-8ebb-1b1f141b7585
CVE ID: CVE-2023-2449
CVSS Score: 9.8 (Critical)
Researcher/s: István Márton
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/de9be7bc-4f8a-4393-8ebb-1b1f141b7585
Porto Theme – Functionality <= 2.11.1 – Unauthenticated SQL Injection
Affected Software: Porto Theme – Functionality
CVE ID: CVE-2023-48738
CVSS Score: 9.8 (Critical)
Researcher/s: Rafie Muhammad
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fabc7ad3-1d20-493f-aacb-1832d33d8e14
CVE ID: CVE-2023-48738
CVSS Score: 9.8 (Critical)
Researcher/s: Rafie Muhammad
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fabc7ad3-1d20-493f-aacb-1832d33d8e14
WP Child Theme Generator <= 1.0.8 – Authenticated (Administrator+) Arbitrary File Upload
Affected Software: WP Child Theme Generator
CVE ID: CVE-2023-47873
CVSS Score: 9.1 (Critical)
Researcher/s: Dateoljo of BoB 12th
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/49fcd2cb-d880-4152-a736-33fd90f07083
CVE ID: CVE-2023-47873
CVSS Score: 9.1 (Critical)
Researcher/s: Dateoljo of BoB 12th
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/49fcd2cb-d880-4152-a736-33fd90f07083
UserPro <= 5.1.1 – Cross-Site Request Forgery to Privilege Escalation
Affected Software: UserPro – Community and User Profile WordPress Plugin
CVE ID: CVE-2023-2440
CVSS Score: 8.8 (High)
Researcher/s: István Márton
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/73600498-f55c-4b8e-a625-4f292e58e0ee
CVE ID: CVE-2023-2440
CVSS Score: 8.8 (High)
Researcher/s: István Márton
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/73600498-f55c-4b8e-a625-4f292e58e0ee
WP Githuber MD <= 1.16.2 – Authenticated (Author+) Arbitrary File Upload
Affected Software: WP Githuber MD – WordPress Markdown Editor
CVE ID: CVE-2023-47846
CVSS Score: 8.8 (High)
Researcher/s: Rafie Muhammad
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a6fda35d-8b82-4a7a-8db6-21dc38a841f4
CVE ID: CVE-2023-47846
CVSS Score: 8.8 (High)
Researcher/s: Rafie Muhammad
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a6fda35d-8b82-4a7a-8db6-21dc38a841f4
Export any WordPress data to XML/CSV < 1.4.1 & WP ALL Export Pro < 1.8.6 – Cross-Site Request Forgery to Remote Code Execution
Affected Software/s: WP ALL Export Pro, Export any WordPress data to XML/CSV
CVE ID: CVE-2023-5882
CVSS Score: 8.8 (High)
Researcher/s: Donato Di Pasquale, Francesco Marano
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b70e8bce-1793-40f0-bdb1-100cf5f431e9
CVE ID: CVE-2023-5882
CVSS Score: 8.8 (High)
Researcher/s: Donato Di Pasquale, Francesco Marano
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b70e8bce-1793-40f0-bdb1-100cf5f431e9
Link Whisper Free <= 0.6.5 – Authenticated (Contributor+) SQL Injection
Affected Software: Link Whisper Free
CVE ID: CVE-2023-47852
CVSS Score: 8.8 (High)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c5e26a56-bba0-4204-bcb7-c5ec123a9b2d
CVE ID: CVE-2023-47852
CVSS Score: 8.8 (High)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c5e26a56-bba0-4204-bcb7-c5ec123a9b2d
UserPro <= 5.1.4 – Authenticated (Subscriber+) Privilege Escalation
Affected Software: UserPro – Community and User Profile WordPress Plugin
CVE ID: CVE-2023-6009
CVSS Score: 8.8 (High)
Researcher/s: István Márton
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e8bed9c0-dae3-405e-a946-5f28a3c30851
CVE ID: CVE-2023-6009
CVSS Score: 8.8 (High)
Researcher/s: István Márton
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e8bed9c0-dae3-405e-a946-5f28a3c30851
UserPro <= 5.1.0 – Cross-Site Request Forgery to PHP Object Injection
Affected Software: UserPro – Community and User Profile WordPress Plugin
CVE ID: CVE-2023-2497
CVSS Score: 8.8 (High)
Researcher/s: István Márton
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fbb601ce-a884-4894-af13-dab14885c7eb
CVE ID: CVE-2023-2497
CVSS Score: 8.8 (High)
Researcher/s: István Márton
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fbb601ce-a884-4894-af13-dab14885c7eb
Export any WordPress data to XML/CSV < 1.4.1 & WP ALL Export Pro < 1.8.6 – Cross-Site Request Forgery to PHAR Deserialization
Affected Software/s: WP ALL Export Pro, Export any WordPress data to XML/CSV
CVE ID: CVE-2023-5886
CVSS Score: 8.8 (High)
Researcher/s: Alex Sanford
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fdc18341-135b-4522-a9db-510e4c4d9704
CVE ID: CVE-2023-5886
CVSS Score: 8.8 (High)
Researcher/s: Alex Sanford
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fdc18341-135b-4522-a9db-510e4c4d9704
BackWPup <= 4.0.1 – Authenticated (Administrator+) Directory Traversal
Affected Software: BackWPup – WordPress Backup Plugin
CVE ID: CVE-2023-5504
CVSS Score: 8.7 (High)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e830fe1e-1171-46da-8ee7-0a6654153f18
CVE ID: CVE-2023-5504
CVSS Score: 8.7 (High)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e830fe1e-1171-46da-8ee7-0a6654153f18
WordPress Job Board and Recruitment Plugin – JobWP <= 2.1 – Sensitive Information Exposure
Affected Software: WordPress Job Board and Recruitment Plugin – JobWP
CVE ID: CVE-2023-48288
CVSS Score: 7.5 (High)
Researcher/s: Myungju Kim
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c73dbc40-ba54-4836-9bb1-a35f95d5a077
CVE ID: CVE-2023-48288
CVSS Score: 7.5 (High)
Researcher/s: Myungju Kim
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c73dbc40-ba54-4836-9bb1-a35f95d5a077
UserPro <= 5.1.1 – Missing Authorization via multiple functions
Affected Software: UserPro – Community and User Profile WordPress Plugin
CVE ID: CVE-2023-6007
CVSS Score: 7.3 (High)
Researcher/s: István Márton
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6c4f8798-c0f9-4d05-808e-375864a0ad95
CVE ID: CVE-2023-6007
CVSS Score: 7.3 (High)
Researcher/s: István Márton
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6c4f8798-c0f9-4d05-808e-375864a0ad95
License Manager for WooCommerce <= 2.2.10 – Authenticated (Administrator+) SQL Injection
Affected Software: License Manager for WooCommerce
CVE ID: CVE-2023-48742
CVSS Score: 7.2 (High)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/09597618-8695-4631-8c3b-4e7580d58c86
CVE ID: CVE-2023-48742
CVSS Score: 7.2 (High)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/09597618-8695-4631-8c3b-4e7580d58c86
Login Lockdown <= 2.06 – Authenticated (Administrator+) SQL Injection
Affected Software: Login Lockdown – Protect Login Form
CVE ID: CVE Unknown
CVSS Score: 7.2 (High)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/09773141-883b-40e3-bd20-d3115c02e023
CVE ID: CVE Unknown
CVSS Score: 7.2 (High)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/09773141-883b-40e3-bd20-d3115c02e023
WP Mail Log <= 1.1.2 – Authenticated (Editor+) SQL Injection via id
Affected Software: WP Mail Log
CVE ID: CVE Unknown
CVSS Score: 7.2 (High)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/099cc754-6a56-498f-848a-a242733e7fb0
CVE ID: CVE Unknown
CVSS Score: 7.2 (High)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/099cc754-6a56-498f-848a-a242733e7fb0
Salon booking system < 8.7 – Authenticated (Editor+) Privilege Escalation
Affected Software: Salon booking system
CVE ID: CVE-2023-48319
CVSS Score: 7.2 (High)
Researcher/s: lttn
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0cac7f96-eb64-427d-9a95-b8bf1c675af0
CVE ID: CVE-2023-48319
CVSS Score: 7.2 (High)
Researcher/s: lttn
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0cac7f96-eb64-427d-9a95-b8bf1c675af0
CataBlog <= 1.7.0 – Authenticated (Editor+) Arbitrary File Upload
Affected Software: CataBlog
CVE ID: CVE-2023-47842
CVSS Score: 7.2 (High)
Researcher/s: Rafie Muhammad
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/18d1ba80-ddf6-4076-bc78-78647b964bcf
CVE ID: CVE-2023-47842
CVSS Score: 7.2 (High)
Researcher/s: Rafie Muhammad
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/18d1ba80-ddf6-4076-bc78-78647b964bcf
WC Vendors Marketplace <= 2.4.7 – Authenticated (Shop manager+) SQL Injection via search dates
Affected Software: WC Vendors – WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors
CVE ID: CVE-2023-48327
CVSS Score: 7.2 (High)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/64f879af-aa8f-4edf-8369-ca032603d529
CVE ID: CVE-2023-48327
CVSS Score: 7.2 (High)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/64f879af-aa8f-4edf-8369-ca032603d529
Theme Editor <= 2.7.1 – Authenticated (Administrator+) Arbitrary File Upload
Affected Software: Theme Editor
CVE ID: CVE-2023-6091
CVSS Score: 7.2 (High)
Researcher/s: Dateoljo of BoB 12th
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a6ede290-a6c4-4c13-872b-60c9601d39db
CVE ID: CVE-2023-6091
CVSS Score: 7.2 (High)
Researcher/s: Dateoljo of BoB 12th
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a6ede290-a6c4-4c13-872b-60c9601d39db
ChatBot <= 4.7.8 – Authenticated (Administrator+) SQL Injection
Affected Software: AI ChatBot
CVE ID: CVE-2023-48741
CVSS Score: 7.2 (High)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/db1bb11d-4752-42d0-b538-2d2a4c827226
CVE ID: CVE-2023-48741
CVSS Score: 7.2 (High)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/db1bb11d-4752-42d0-b538-2d2a4c827226
Quttera Web Malware Scanner <= 3.4.1.48 – Authenticated (Administrator+) Directory Traversal via ShowFile
Affected Software: Quttera Web Malware Scanner
CVE ID: CVE-2023-6222
CVSS Score: 6.8 (Medium)
Researcher/s: Dmitrii Ignatyev
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a9992d0d-7c6e-4184-8f48-1515d50cc028
CVE ID: CVE-2023-6222
CVSS Score: 6.8 (Medium)
Researcher/s: Dmitrii Ignatyev
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a9992d0d-7c6e-4184-8f48-1515d50cc028
Widgets for Google Reviews <= 11.0.2 – Authenticated (Editor+) Arbitrary File Upload
Affected Software: Widgets for Google Reviews
CVE ID: CVE-2023-48275
CVSS Score: 6.6 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/504c0132-530b-4184-b19a-97e68df79b48
CVE ID: CVE-2023-48275
CVSS Score: 6.6 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/504c0132-530b-4184-b19a-97e68df79b48
UserPro <= 5.1.1 – Sensitive Information Disclosure via Shortcode
Affected Software: UserPro – Community and User Profile WordPress Plugin
CVE ID: CVE-2023-2446
CVSS Score: 6.5 (Medium)
Researcher/s: István Márton
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4072ba5f-6385-4fa3-85b6-89dac7b60a92
CVE ID: CVE-2023-2446
CVSS Score: 6.5 (Medium)
Researcher/s: István Márton
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4072ba5f-6385-4fa3-85b6-89dac7b60a92
UserPro <= 5.1.4 – Missing Authorization to Arbitrary Shortcode Execution via userpro_shortcode_template
Affected Software: UserPro – Community and User Profile WordPress Plugin
CVE ID: CVE-2023-2448
CVSS Score: 6.5 (Medium)
Researcher/s: István Márton
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7cbe9175-4a6f-4eb6-8d31-9a9fda9b4f40
CVE ID: CVE-2023-2448
CVSS Score: 6.5 (Medium)
Researcher/s: István Márton
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7cbe9175-4a6f-4eb6-8d31-9a9fda9b4f40
CataBlog <= 1.7.0 – Authenticated (Editor+) Arbitrary File Deletion
Affected Software: CataBlog
CVE ID: CVE-2023-47843
CVSS Score: 6.5 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8794854d-e931-4a85-b767-2ab81bfcb780
CVE ID: CVE-2023-47843
CVSS Score: 6.5 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8794854d-e931-4a85-b767-2ab81bfcb780
Contact Form to Any API <= 1.1.6 – Missing Authorization via delete_cf7_records()
Affected Software: Contact Form to Any API
CVE ID: CVE-2023-47871
CVSS Score: 6.5 (Medium)
Researcher/s: Arvandy
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d4a7c647-4c57-499a-8e46-ca273985bd6d
CVE ID: CVE-2023-47871
CVSS Score: 6.5 (Medium)
Researcher/s: Arvandy
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d4a7c647-4c57-499a-8e46-ca273985bd6d
Display Custom Post <= 2.2.1 – Authenticated (Contributor+) Stored Cross-Site Scripting
Affected Software: Display Custom Post
CVE ID: CVE-2023-48317
CVSS Score: 6.4 (Medium)
Researcher/s: Tien fromVNPT-VCI
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/18531eed-3150-424c-970c-5975afe7546a
CVE ID: CVE-2023-48317
CVSS Score: 6.4 (Medium)
Researcher/s: Tien fromVNPT-VCI
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/18531eed-3150-424c-970c-5975afe7546a
Bootstrap Shortcodes Ultimate <= 4.3.1 – Authenticated (Contributor+) Stored Cross-Site Scripting
Affected Software: Bootstrap Shortcodes Ultimate
CVE ID: CVE-2023-47851
CVSS Score: 6.4 (Medium)
Researcher/s: Ngô Thiên An (ancorn_)
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2e93efec-371c-4050-b24b-e5e978059549
CVE ID: CVE-2023-47851
CVSS Score: 6.4 (Medium)
Researcher/s: Ngô Thiên An (ancorn_)
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2e93efec-371c-4050-b24b-e5e978059549
Salient Core <= 2.0.2 – Authenticated (Contributor+) Stored Cross-Site Scripting
Affected Software: salient-core
CVE ID: CVE-2023-48749
CVSS Score: 6.4 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/316ffb37-47fe-47c4-8a81-5794fa12ce33
CVE ID: CVE-2023-48749
CVSS Score: 6.4 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/316ffb37-47fe-47c4-8a81-5794fa12ce33
Export any WordPress data to XML/CSV < 1.4.1 & WP ALL Export Pro < 1.8.6 – Authenticated (Admin+) Remote Code Execution
Affected Software/s: WP ALL Export Pro, Export any WordPress data to XML/CSV
CVE ID: CVE-2023-4724
CVSS Score: 6.4 (Medium)
Researcher/s: Donato Di Pasquale, Francesco Marano
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/43f976ee-cba7-4f5d-b9c6-a6f66c0011d2
CVE ID: CVE-2023-4724
CVSS Score: 6.4 (Medium)
Researcher/s: Donato Di Pasquale, Francesco Marano
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/43f976ee-cba7-4f5d-b9c6-a6f66c0011d2
EventPrime – Modern Events Calendar, Bookings and Tickets <= 3.3.2 – Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
Affected Software: EventPrime – Events Calendar, Bookings and Tickets
CVE ID: CVE Unknown
CVSS Score: 6.4 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5124be64-6679-4dc5-8117-55c73ae91489
CVE ID: CVE Unknown
CVSS Score: 6.4 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5124be64-6679-4dc5-8117-55c73ae91489
Parallax Image <= 1.7.1 – Authenticated (Contributor+) Stored Cross-Site Scripting
Affected Software: Parallax Image
CVE ID: CVE-2023-47854
CVSS Score: 6.4 (Medium)
Researcher/s: resecured.io
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/55cd02d1-7b06-427b-840b-3ced73ad4a74
CVE ID: CVE-2023-47854
CVSS Score: 6.4 (Medium)
Researcher/s: resecured.io
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/55cd02d1-7b06-427b-840b-3ced73ad4a74
wpForo Forum <= 2.2.3 – Authenticated (Subscriber+) Stored Cross-Site Scripting
Affected Software: wpForo Forum
CVE ID: CVE-2023-47872
CVSS Score: 6.4 (Medium)
Researcher/s: Jesse McNeil
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5607a60e-a04a-4d28-bb04-bdacf8e97c56
CVE ID: CVE-2023-47872
CVSS Score: 6.4 (Medium)
Researcher/s: Jesse McNeil
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5607a60e-a04a-4d28-bb04-bdacf8e97c56
Video PopUp <= 1.1.3 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Affected Software: Video PopUp
CVE ID: CVE-2023-4962
CVSS Score: 6.4 (Medium)
Researcher/s: István Márton
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/670ea03e-2f76-48a4-9f40-bc4cfd987a89
CVE ID: CVE-2023-4962
CVSS Score: 6.4 (Medium)
Researcher/s: István Márton
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/670ea03e-2f76-48a4-9f40-bc4cfd987a89
Community by PeepSo <= 6.2.2.0 – Authenticated (Contributor+) Stored Cross-Site Scripting
Affected Software: Community by PeepSo – Social Network, Membership, Registration, User Profiles
CVE ID: CVE-2023-47850
CVSS Score: 6.4 (Medium)
Researcher/s: Abu Hurayra (HurayraIIT)
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/826e7e0a-79b1-4828-8eeb-159ef3cc2c65
CVE ID: CVE-2023-47850
CVSS Score: 6.4 (Medium)
Researcher/s: Abu Hurayra (HurayraIIT)
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/826e7e0a-79b1-4828-8eeb-159ef3cc2c65
Easy Social Icons <= 3.2.4 – Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
Affected Software: Easy Social Icons
CVE ID: CVE-2023-48336
CVSS Score: 6.4 (Medium)
Researcher/s: Ngô Thiên An (ancorn_)
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ab888ee1-bdc2-4b8b-9b16-a7d146f123df
CVE ID: CVE-2023-48336
CVSS Score: 6.4 (Medium)
Researcher/s: Ngô Thiên An (ancorn_)
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ab888ee1-bdc2-4b8b-9b16-a7d146f123df
Drop Shadow Boxes <= 1.7.13 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Affected Software: Drop Shadow Boxes
CVE ID: CVE-2023-5469
CVSS Score: 6.4 (Medium)
Researcher/s: István Márton
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c0b3911c-a960-4f28-b289-389b26282741
CVE ID: CVE-2023-5469
CVSS Score: 6.4 (Medium)
Researcher/s: István Márton
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c0b3911c-a960-4f28-b289-389b26282741
GS Team Members <= 2.2.3 – Authenticated (Contributor+) Stored Cross-Site Scripting
Affected Software: Team Members – A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and More
CVE ID: CVE Unknown
CVSS Score: 6.4 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c146f89c-5df3-4aaf-b880-0ce6016dfb6d
CVE ID: CVE Unknown
CVSS Score: 6.4 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c146f89c-5df3-4aaf-b880-0ce6016dfb6d
myCred <= 2.6.1 – Authenticated (Contributor+) Stored Cross-Site Scripting
Affected Software: myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin
CVE ID: CVE-2023-47853
CVSS Score: 6.4 (Medium)
Researcher/s: Abu Hurayra (HurayraIIT)
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c4067e03-427c-4b03-a250-0354572ae361
CVE ID: CVE-2023-47853
CVSS Score: 6.4 (Medium)
Researcher/s: Abu Hurayra (HurayraIIT)
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c4067e03-427c-4b03-a250-0354572ae361
Perfmatters < 2.2.0 – Authenticated (Subscriber+) Stored Cross-Site Scripting
Affected Software: Perfmatters
CVE ID: CVE-2023-47877
CVSS Score: 6.4 (Medium)
Researcher/s: Dave Jong
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/cc4a7efd-f4f4-44a7-bd55-a6ae3a1d3521
CVE ID: CVE-2023-47877
CVSS Score: 6.4 (Medium)
Researcher/s: Dave Jong
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/cc4a7efd-f4f4-44a7-bd55-a6ae3a1d3521
Import Spreadsheets from Microsoft Excel <= 10.1.3 – Authenticated (Contributor+) Stored Cross-Site Scripting
Affected Software: Import Spreadsheets from Microsoft Excel
CVE ID: CVE-2023-48289
CVSS Score: 6.4 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d337e39c-3a3d-4465-bc40-77f0b27aeab2
CVE ID: CVE-2023-48289
CVSS Score: 6.4 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d337e39c-3a3d-4465-bc40-77f0b27aeab2
WCFM Marketplace <= 3.6.2 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Affected Software: WCFM Marketplace – Best Multivendor Marketplace for WooCommerce
CVE ID: CVE-2023-4960
CVSS Score: 6.4 (Medium)
Researcher/s: István Márton
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f99e9f01-cc98-4af5-bb95-f56f6a550e96
CVE ID: CVE-2023-4960
CVSS Score: 6.4 (Medium)
Researcher/s: István Márton
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f99e9f01-cc98-4af5-bb95-f56f6a550e96
UserPro <= 5.1.1 – Cross-Site Request Forgery via multiple functions
Affected Software: UserPro – Community and User Profile WordPress Plugin
CVE ID: CVE-2023-6008
CVSS Score: 6.3 (Medium)
Researcher/s: István Márton
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ed6e2b9e-3d70-4c07-a779-45164816b89c
CVE ID: CVE-2023-6008
CVSS Score: 6.3 (Medium)
Researcher/s: István Márton
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ed6e2b9e-3d70-4c07-a779-45164816b89c
UserPro <= 5.1.1 – Cross-Site Request Forgery to Sensitive Information Exposure
Affected Software: UserPro – Community and User Profile WordPress Plugin
CVE ID: CVE-2023-2447
CVSS Score: 6.1 (Medium)
Researcher/s: István Márton
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0372efe4-b5be-4601-be43-5c12332ea1a5
CVE ID: CVE-2023-2447
CVSS Score: 6.1 (Medium)
Researcher/s: István Márton
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0372efe4-b5be-4601-be43-5c12332ea1a5
Enfold <= 5.6.4 – Reflected Cross-Site Scripting
Affected Software: Enfold – Responsive Multi-Purpose Theme
CVE ID: CVE-2023-38400
CVSS Score: 6.1 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/100b700f-8812-48be-8a04-28f60a57b35f
CVE ID: CVE-2023-38400
CVSS Score: 6.1 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/100b700f-8812-48be-8a04-28f60a57b35f
Grab & Save <= 1.0.4 – Reflected Cross-Site Scripting
Affected Software: Grab & Save
CVE ID: CVE-2023-47844
CVSS Score: 6.1 (Medium)
Researcher/s: Dimas Maulana
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2baab094-5ece-41a2-821a-b594a2c2327e
CVE ID: CVE-2023-47844
CVSS Score: 6.1 (Medium)
Researcher/s: Dimas Maulana
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2baab094-5ece-41a2-821a-b594a2c2327e
Simply Exclude <= 2.0.6.6 – Reflected Cross-Site Scripting
Affected Software: Simply Exclude
CVE ID: CVE-2023-48743
CVSS Score: 6.1 (Medium)
Researcher/s: Le Ngoc Anh
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2f9a3883-9755-4de8-9d60-113238b3c0ac
CVE ID: CVE-2023-48743
CVSS Score: 6.1 (Medium)
Researcher/s: Le Ngoc Anh
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2f9a3883-9755-4de8-9d60-113238b3c0ac
Perfmatters <= 2.1.6 – Reflected Cross-Site Scripting
Affected Software: Perfmatters
CVE ID: CVE-2023-47876
CVSS Score: 6.1 (Medium)
Researcher/s: Dave Jong
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/612fb73f-e488-453f-a2a4-32969f91122b
CVE ID: CVE-2023-47876
CVSS Score: 6.1 (Medium)
Researcher/s: Dave Jong
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/612fb73f-e488-453f-a2a4-32969f91122b
UserPro <= 5.1.0 – Cross-Site Request Forgery to Stored Cross-Site Scripting via userpro_save_userdata
Affected Software: UserPro – Community and User Profile WordPress Plugin
CVE ID: CVE-2023-2438
CVSS Score: 6.1 (Medium)
Researcher/s: István Márton
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7d30adc5-27a5-4549-84fc-b930f27f03e5
CVE ID: CVE-2023-2438
CVSS Score: 6.1 (Medium)
Researcher/s: István Márton
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7d30adc5-27a5-4549-84fc-b930f27f03e5
Tainacan <= 0.20.4 – Reflected Cross-Site Scripting
Affected Software: Tainacan
CVE ID: CVE-2023-47848
CVSS Score: 6.1 (Medium)
Researcher/s: Dimas Maulana
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7f192811-378b-422d-8086-9a957b464bb7
CVE ID: CVE-2023-47848
CVSS Score: 6.1 (Medium)
Researcher/s: Dimas Maulana
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7f192811-378b-422d-8086-9a957b464bb7
Events Manager <= 6.4.5 – Reflected Cross-Site Scripting
Affected Software: Events Manager
CVE ID: CVE-2023-48326
CVSS Score: 6.1 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9053cf91-0af1-44f8-9fdf-7ecbd457545b
CVE ID: CVE-2023-48326
CVSS Score: 6.1 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9053cf91-0af1-44f8-9fdf-7ecbd457545b
Salient Core <= 2.0.2 – Reflected Cross-Site Scripting
Affected Software: salient-core
CVE ID: CVE-2023-48748
CVSS Score: 6.1 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b1ae1b28-ea9e-4446-8b03-b5a8eaac1042
CVE ID: CVE-2023-48748
CVSS Score: 6.1 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b1ae1b28-ea9e-4446-8b03-b5a8eaac1042
eDoc Employee Job Application <= 1.13 – Reflected Cross-Site Scripting
Affected Software: eDoc Employee Job Application – Best WordPress Job Manager for Employees
CVE ID: CVE-2023-48322
CVSS Score: 6.1 (Medium)
Researcher/s: Unknown
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/cbfbd7c2-7a46-4292-9173-f90298a7fcc4
CVE ID: CVE-2023-48322
CVSS Score: 6.1 (Medium)
Researcher/s: Unknown
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/cbfbd7c2-7a46-4292-9173-f90298a7fcc4
Maspik – Spam blacklist <= 0.9.2 – Unauthenticated Stored Cross-Site Scripting via efas_add_to_log
Affected Software: Maspik – Spam Blacklist
CVE ID: CVE-2023-48272
CVSS Score: 6.1 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e8db52ce-fbc3-4fe1-b9b4-cb2ce7d88a67
CVE ID: CVE-2023-48272
CVSS Score: 6.1 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e8db52ce-fbc3-4fe1-b9b4-cb2ce7d88a67
Community by PeepSo <= 6.2.6.0 – Reflected Cross-Site Scripting
Affected Software: Community by PeepSo – Social Network, Membership, Registration, User Profiles
CVE ID: CVE-2023-48746
CVSS Score: 6.1 (Medium)
Researcher/s: Phd
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fda1be79-ba45-4e8f-bfc3-355f9cdbad82
CVE ID: CVE-2023-48746
CVSS Score: 6.1 (Medium)
Researcher/s: Phd
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fda1be79-ba45-4e8f-bfc3-355f9cdbad82
Yoast SEO <= 21.0 – Authenticated (Seo Manager+) Stored Cross-Site Scripting
Affected Software: Yoast SEO
CVE ID: CVE-2023-40680
CVSS Score: 5.5 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/385a82ff-50ad-4787-845b-fb5f639f6466
CVE ID: CVE-2023-40680
CVSS Score: 5.5 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/385a82ff-50ad-4787-845b-fb5f639f6466
Theme My Login 2FA < 1.2 – 2FA Bypass via Brute Force
Affected Software: Theme My Login 2fa
CVE ID: CVE-2023-6272
CVSS Score: 5.4 (Medium)
Researcher/s: Joost Grunwald
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1398e296-9b20-4f8e-85f2-896888abc67e
CVE ID: CVE-2023-6272
CVSS Score: 5.4 (Medium)
Researcher/s: Joost Grunwald
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1398e296-9b20-4f8e-85f2-896888abc67e
Porto Theme – Functionality <= 2.11.1 – Missing Authorization
Affected Software: Porto Theme – Functionality
CVE ID: CVE-2023-48739
CVSS Score: 5.3 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0e1300be-07e3-44b6-9ced-a16825274d22
CVE ID: CVE-2023-48739
CVSS Score: 5.3 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0e1300be-07e3-44b6-9ced-a16825274d22
BlossomThemes Email Newsletter <= 2.2.4 – Missing Authorization
Affected Software: BlossomThemes Email Newsletter
CVE ID: CVE-2023-47849
CVSS Score: 5.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1e98b763-29b9-435d-a436-d4df64234b4d
CVE ID: CVE-2023-47849
CVSS Score: 5.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1e98b763-29b9-435d-a436-d4df64234b4d
Quttera Web Malware Scanner <= 3.4.1.48 – Sensitive Data Exposure
Affected Software: Quttera Web Malware Scanner
CVE ID: CVE-2023-6065
CVSS Score: 5.3 (Medium)
Researcher/s: Dmitrii Ignatyev
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2163af55-1ea4-4c60-b9f0-baf99297c6bc
CVE ID: CVE-2023-6065
CVSS Score: 5.3 (Medium)
Researcher/s: Dmitrii Ignatyev
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2163af55-1ea4-4c60-b9f0-baf99297c6bc
Accept Stripe Payments <= 2.0.79 – Unauthenticated Content Injection
Affected Software: Accept Stripe Payments
CVE ID: CVE-2023-48285
CVSS Score: 5.3 (Medium)
Researcher/s: Joshua Chan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2f499d5e-eb27-4611-af27-ac9fd6a9f044
CVE ID: CVE-2023-48285
CVSS Score: 5.3 (Medium)
Researcher/s: Joshua Chan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2f499d5e-eb27-4611-af27-ac9fd6a9f044
Accept Stripe Payments <= 2.0.79 – Insecure Direct Object Reference
Affected Software: Accept Stripe Payments
CVE ID: CVE-2023-48286
CVSS Score: 5.3 (Medium)
Researcher/s: Joshua Chan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/44d14692-d90a-45f9-afb4-0666ce4b3397
CVE ID: CVE-2023-48286
CVSS Score: 5.3 (Medium)
Researcher/s: Joshua Chan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/44d14692-d90a-45f9-afb4-0666ce4b3397
Preloader for Website <= 1.2.2 – Missing Authorization via plwao_register_settings()
Affected Software: Preloader for Website
CVE ID: CVE-2023-48273
CVSS Score: 5.3 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5cfc38c0-f940-4c4d-ba7b-0d772146ea2d
CVE ID: CVE-2023-48273
CVSS Score: 5.3 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5cfc38c0-f940-4c4d-ba7b-0d772146ea2d
Hide login page <= 1.1.7 – Login Page Disclosure
Affected Software: Hide login page, Hide wp admin – stop attack on login page
CVE ID: CVE-2023-48335
CVSS Score: 5.3 (Medium)
Researcher/s: Naveen Muthusamy
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6d3cff57-ea8a-4082-bc05-d62b9d92f0e6
CVE ID: CVE-2023-48335
CVSS Score: 5.3 (Medium)
Researcher/s: Naveen Muthusamy
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6d3cff57-ea8a-4082-bc05-d62b9d92f0e6
The Events Calendar <= 6.2.8 – Information Disclosure
Affected Software: The Events Calendar
CVE ID: CVE Unknown
CVSS Score: 5.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8291fd89-aea1-4f7b-abd8-dee8438c3ed5
CVE ID: CVE Unknown
CVSS Score: 5.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8291fd89-aea1-4f7b-abd8-dee8438c3ed5
PayTR Taksit Tablosu <= 1.3.1 – Missing Authorization
Affected Software: PayTR Taksit Tablosu – WooCommerce
CVE ID: CVE-2023-47847
CVSS Score: 5.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8bfefe86-b25e-4ffe-9beb-28dc22a99d62
CVE ID: CVE-2023-47847
CVSS Score: 5.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8bfefe86-b25e-4ffe-9beb-28dc22a99d62
Perfmatters <= 2.1.6 – Missing Authorization
Affected Software: Perfmatters
CVE ID: CVE-2023-47874
CVSS Score: 5.3 (Medium)
Researcher/s: Dave Jong
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b078e446-61e7-4ce1-b9a9-480ccc388c72
CVE ID: CVE-2023-47874
CVSS Score: 5.3 (Medium)
Researcher/s: Dave Jong
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b078e446-61e7-4ce1-b9a9-480ccc388c72
Captcha Code <= 2.8 – Captcha Bypass
Affected Software: Captcha Code
CVE ID: CVE-2023-48745
CVSS Score: 5.3 (Medium)
Researcher/s: qilin_99
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b1dd3845-a88d-41aa-acf4-66fd1a6819ff
CVE ID: CVE-2023-48745
CVSS Score: 5.3 (Medium)
Researcher/s: qilin_99
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b1dd3845-a88d-41aa-acf4-66fd1a6819ff
Contact Form Email <= 1.3.41 – Captcha Bypass
Affected Software: Contact Form Email
CVE ID: CVE-2023-48318
CVSS Score: 5.3 (Medium)
Researcher/s: qilin_99
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b637ebfd-c273-428b-985c-6f5b6a03f263
CVE ID: CVE-2023-48318
CVSS Score: 5.3 (Medium)
Researcher/s: qilin_99
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b637ebfd-c273-428b-985c-6f5b6a03f263
Super Progressive Web Apps <= 2.2.21 – Missing Authorization
Affected Software: Super Progressive Web Apps
CVE ID: CVE-2023-48277
CVSS Score: 5.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d36e869a-5bd4-4f59-8e28-01fa586024c5
CVE ID: CVE-2023-48277
CVSS Score: 5.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d36e869a-5bd4-4f59-8e28-01fa586024c5
Maspik – Spam blacklist <= 0.10.1 – Bypass
Affected Software: Maspik – Spam Blacklist
CVE ID: CVE-2023-48271
CVSS Score: 5.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f3a8273e-2439-4138-941e-379d130e0c74
CVE ID: CVE-2023-48271
CVSS Score: 5.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f3a8273e-2439-4138-941e-379d130e0c74
Consensu.io <= 1.0.2 – Missing Authorization via update_config_db()
Affected Software: Consensu.io | Conformidade e Consentimento de Cookies para LGPD
CVE ID: CVE-2023-48280
CVSS Score: 5.3 (Medium)
Researcher/s: Skalucy
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fc1963cc-7e9e-4998-8338-c3e83b70d441
CVE ID: CVE-2023-48280
CVSS Score: 5.3 (Medium)
Researcher/s: Skalucy
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fc1963cc-7e9e-4998-8338-c3e83b70d441
Autocomplete Location field Contact Form 7 <= 2.0 – Authenticated (Administrator+) Stored Cross-Site Scripting
Affected Software: Autocomplete Location field Contact Form 7
CVE ID: CVE-2023-5005
CVSS Score: 4.4 (Medium)
Researcher/s: Bob Matyas
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/13fd7509-6d61-4eb0-9f85-cc40e074b819
CVE ID: CVE-2023-5005
CVSS Score: 4.4 (Medium)
Researcher/s: Bob Matyas
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/13fd7509-6d61-4eb0-9f85-cc40e074b819
Video Player <= 1.5.22 – Authenticated (Administrator+) Stored Cross-Site Scripting
Affected Software: SpiderVPlayer
CVE ID: CVE-2023-48320
CVSS Score: 4.4 (Medium)
Researcher/s: SeungYongLee
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1627ec2a-f91d-4ed7-acb8-a3fb63b45731
CVE ID: CVE-2023-48320
CVSS Score: 4.4 (Medium)
Researcher/s: SeungYongLee
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1627ec2a-f91d-4ed7-acb8-a3fb63b45731
WP Roadmap <= 1.0.8 – Authenticated (Administrator+) Stored Cross-Site Scripting
Affected Software: WP Roadmap – Product Feedback Board
CVE ID: CVE-2023-41128
CVSS Score: 4.4 (Medium)
Researcher/s: DoYeon Park (p6rkdoye0n)
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/24fc2554-375a-4216-91bf-41921cc4b436
CVE ID: CVE-2023-41128
CVSS Score: 4.4 (Medium)
Researcher/s: DoYeon Park (p6rkdoye0n)
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/24fc2554-375a-4216-91bf-41921cc4b436
Fast Custom Social Share by CodeBard <= 1.1.1 – Authenticated (Administrator+) Stored Cross-Site Scripting
Affected Software: Fast Custom Social Share by CodeBard
CVE ID: CVE-2023-48329
CVSS Score: 4.4 (Medium)
Researcher/s: Song Hyun Bae
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3eece451-65a3-4c9d-a8eb-05f6f3e2d1d5
CVE ID: CVE-2023-48329
CVSS Score: 4.4 (Medium)
Researcher/s: Song Hyun Bae
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3eece451-65a3-4c9d-a8eb-05f6f3e2d1d5
TriPay Payment Gateway <= 3.2.7 – Authenticated (Administrator+) Stored Cross-Site Scripting
Affected Software: TriPay Payment Gateway
CVE ID: CVE-2023-48737
CVSS Score: 4.4 (Medium)
Researcher/s: Luqman Hakim Y
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/946add6f-4cd5-4c55-9399-a782140f217c
CVE ID: CVE-2023-48737
CVSS Score: 4.4 (Medium)
Researcher/s: Luqman Hakim Y
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/946add6f-4cd5-4c55-9399-a782140f217c
Chatbot for WordPress <= 2.3.9 – Authenticated (Administrator+) Stored Cross-Site Scripting
Affected Software: Chatbot for WordPress ⚡️
CVE ID: CVE-2023-5691
CVSS Score: 4.4 (Medium)
Researcher/s: Huynh Tien Si
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/dfd67329-11b1-4f00-a422-bb4833a3181d
CVE ID: CVE-2023-5691
CVSS Score: 4.4 (Medium)
Researcher/s: Huynh Tien Si
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/dfd67329-11b1-4f00-a422-bb4833a3181d
Booster for WooCommerce <= 7.1.2 – Missing Authorization to Product Creation/Modification
Affected Software: Booster for WooCommerce
CVE ID: CVE-2023-48747
CVSS Score: 4.3 (Medium)
Researcher/s: Dave Jong
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/00ec2f57-48ee-49ea-ae8f-e7b24bf4535c
CVE ID: CVE-2023-48747
CVSS Score: 4.3 (Medium)
Researcher/s: Dave Jong
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/00ec2f57-48ee-49ea-ae8f-e7b24bf4535c
MyBookTable Bookstore <= 3.3.3 – Cross-Site Request Forgery
Affected Software: MyBookTable Bookstore by Stormhill Media
CVE ID: CVE-2023-48331
CVSS Score: 4.3 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/02b336ce-be41-4343-9817-0437bd2685c2
CVE ID: CVE-2023-48331
CVSS Score: 4.3 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/02b336ce-be41-4343-9817-0437bd2685c2
Auto Affiliate Links <= 6.4.2.5 – Cross-Site Request Forgery
Affected Software: Auto Affiliate Links
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/17453fa5-af14-477b-9b3d-b245511ad8ce
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/17453fa5-af14-477b-9b3d-b245511ad8ce
Frontier Post <= 6.1 – Cross-Site Request Forgery
Affected Software: Frontier Post
CVE ID: CVE-2023-6137
CVSS Score: 4.3 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/24ef5844-93d6-4ba3-bd0a-b8837bbd7baf
CVE ID: CVE-2023-6137
CVSS Score: 4.3 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/24ef5844-93d6-4ba3-bd0a-b8837bbd7baf
Mail Bank – #1 Mail SMTP Plugin for WordPress <= 4.0.14 – Missing Authorization
Affected Software: Mail Bank – #1 Mail SMTP Plugin for WordPress
CVE ID: CVE-2023-48332
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/31a3a3c1-be0e-46d5-9fa3-563febc5569b
CVE ID: CVE-2023-48332
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/31a3a3c1-be0e-46d5-9fa3-563febc5569b
NextGEN Gallery <= 3.37 – Cross-Site Request Forgery
Affected Software: WordPress Gallery Plugin – NextGEN Gallery
CVE ID: CVE-2023-48328
CVSS Score: 4.3 (Medium)
Researcher/s: Vladislav Pokrovsky (ΞX.MI)
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3354b925-2e4a-4ee5-b436-2c1a502b1725
CVE ID: CVE-2023-48328
CVSS Score: 4.3 (Medium)
Researcher/s: Vladislav Pokrovsky (ΞX.MI)
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3354b925-2e4a-4ee5-b436-2c1a502b1725
Debug Log Manager <= 2.2.1 – Missing Authorization
Affected Software: Debug Log Manager
CVE ID: CVE-2023-6136
CVSS Score: 4.3 (Medium)
Researcher/s: Dmitrii Ignatyev, Joshua Chan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/33a54cae-0fa3-4c25-bf81-8423f5e01e84
CVE ID: CVE-2023-6136
CVSS Score: 4.3 (Medium)
Researcher/s: Dmitrii Ignatyev, Joshua Chan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/33a54cae-0fa3-4c25-bf81-8423f5e01e84
wpForo Forum <= 2.2.5 – Cross-Site Request Forgery via logout()
Affected Software: wpForo Forum
CVE ID: CVE-2023-47870
CVSS Score: 4.3 (Medium)
Researcher/s: Jesse McNeil
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3bce40ee-c378-4a44-9c5d-d83151975309
CVE ID: CVE-2023-47870
CVSS Score: 4.3 (Medium)
Researcher/s: Jesse McNeil
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3bce40ee-c378-4a44-9c5d-d83151975309
GS Pins for Pinterest Lite <= 1.8.0 – Missing Authorization via _update_shortcode
Affected Software: WordPress Pinterest Plugin – Make a Popup, User Profile, Masonry and Gallery Layout
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3f81003b-8214-4fa3-960f-81b166623de9
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3f81003b-8214-4fa3-960f-81b166623de9
Bulk Comment Remove <= 2 – Cross-Site Request Forgery via brc_admin()
Affected Software: Bulk Comment Remove
CVE ID: CVE-2023-48330
CVSS Score: 4.3 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/42303b60-cbb5-4176-94f9-b2ed29f59cc8
CVE ID: CVE-2023-48330
CVSS Score: 4.3 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/42303b60-cbb5-4176-94f9-b2ed29f59cc8
Floating Action Button <= 1.2.1 – Cross-Site Request Forgery
Affected Software: Floating Action Button
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/42b2d840-4e8b-4027-ab3b-78b17c9ed9aa
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/42b2d840-4e8b-4027-ab3b-78b17c9ed9aa
Availability Calendar <= 1.2.6 – Cross-Site Request Forgery via add_availability_calendar_create_admin_page()
Affected Software: Availability Calendar
CVE ID: CVE-2023-48744
CVSS Score: 4.3 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4b13388b-19f9-4f5c-9599-efd6ccf978c8
CVE ID: CVE-2023-48744
CVSS Score: 4.3 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4b13388b-19f9-4f5c-9599-efd6ccf978c8
WCMultiShipping <= 2.3.5 – Missing Authorization to Log Export
Affected Software: UPS, Mondial Relay & Chronopost for WooCommerce – WCMultiShipping
CVE ID: CVE-2023-48274
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4b19657c-3e95-42cf-8d1a-64fa50b3b82b
CVE ID: CVE-2023-48274
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4b19657c-3e95-42cf-8d1a-64fa50b3b82b
Awesome Support <= 6.1.4 – Missing Authorization via wpas_edit_reply_ajax()
Affected Software: Awesome Support – WordPress HelpDesk & Support Plugin
CVE ID: CVE-2023-48324
CVSS Score: 4.3 (Medium)
Researcher/s: thiennv
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4dec91d7-19cf-480d-871c-427cd1e691a6
CVE ID: CVE-2023-48324
CVSS Score: 4.3 (Medium)
Researcher/s: thiennv
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4dec91d7-19cf-480d-871c-427cd1e691a6
Awesome Support <= 6.1.4 – Cross-Site Request Forgery via wpas_edit_reply_ajax()
Affected Software: Awesome Support – WordPress HelpDesk & Support Plugin
CVE ID: CVE-2023-48323
CVSS Score: 4.3 (Medium)
Researcher/s: thiennv
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/579b887a-4140-4e12-9a9a-ba52d212b8a2
CVE ID: CVE-2023-48323
CVSS Score: 4.3 (Medium)
Researcher/s: thiennv
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/579b887a-4140-4e12-9a9a-ba52d212b8a2
wpForo Forum <= 2.2.5 – Missing Authorization
Affected Software: wpForo Forum
CVE ID: CVE-2023-47869
CVSS Score: 4.3 (Medium)
Researcher/s: Jesse McNeil
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/71078aaf-9803-4b46-bc94-dbcb43745629
CVE ID: CVE-2023-47869
CVSS Score: 4.3 (Medium)
Researcher/s: Jesse McNeil
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/71078aaf-9803-4b46-bc94-dbcb43745629
Grab & Save <= 1.0.4 – Cross-Site Request Forgery
Affected Software: Grab & Save
CVE ID: CVE-2023-47845
CVSS Score: 4.3 (Medium)
Researcher/s: Dimas Maulana
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7cd4b1da-faee-4c4e-b323-e77c4c033149
CVE ID: CVE-2023-47845
CVSS Score: 4.3 (Medium)
Researcher/s: Dimas Maulana
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7cd4b1da-faee-4c4e-b323-e77c4c033149
Perfmatters <= 2.1.6 – Cross-Site Request Forgery
Affected Software: Perfmatters
CVE ID: CVE-2023-47875
CVSS Score: 4.3 (Medium)
Researcher/s: Dave Jong
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/95f5b4df-5214-4f36-8dd5-a1a816fbc3db
CVE ID: CVE-2023-47875
CVSS Score: 4.3 (Medium)
Researcher/s: Dave Jong
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/95f5b4df-5214-4f36-8dd5-a1a816fbc3db
Broken Link Checker for YouTube <= 1.3 – Cross-Site Request Forgery via plugin_settings_page()
Affected Software: Broken Link Checker for YouTube
CVE ID: CVE-2023-48281
CVSS Score: 4.3 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9993d84e-7337-4eda-af3c-039b6d8c8fe6
CVE ID: CVE-2023-48281
CVSS Score: 4.3 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9993d84e-7337-4eda-af3c-039b6d8c8fe6
TextMe SMS <= 1.15.20 – Missing Authorization via tetxme_update_option_page()
Affected Software: TextMe SMS
CVE ID: CVE-2023-48287
CVSS Score: 4.3 (Medium)
Researcher/s: Arvandy
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9fb4ad52-a0b2-4645-bf0d-132b4ce8a0a1
CVE ID: CVE-2023-48287
CVSS Score: 4.3 (Medium)
Researcher/s: Arvandy
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9fb4ad52-a0b2-4645-bf0d-132b4ce8a0a1
Easy Social Feed <= 6.5.1 – Missing Authorization via hide_free_sidebar()
Affected Software: Easy Social Feed – Social Photos Gallery – Post Feed – Like Box
CVE ID: CVE-2023-48740
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a4ffb3ef-9d77-463f-92c4-4bc799ac16aa
CVE ID: CVE-2023-48740
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a4ffb3ef-9d77-463f-92c4-4bc799ac16aa
Simple Testimonials Showcase <= 1.1.5 – Cross-Site Request Forgery
Affected Software: Simple Testimonials Showcase
CVE ID: CVE-2023-48283
CVSS Score: 4.3 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b6008237-e4a8-4757-ae14-ac20c6f1b0af
CVE ID: CVE-2023-48283
CVSS Score: 4.3 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b6008237-e4a8-4757-ae14-ac20c6f1b0af
ARI Stream Quiz <= 1.2.32 – Cross-Site Request Forgery
Affected Software: ARI Stream Quiz – WordPress Quizzes Builder
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b758c8a7-6220-4b54-af88-7933a530b5ba
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b758c8a7-6220-4b54-af88-7933a530b5ba
Landing Page Builder <= 1.5.1.5 – Open Redirect
Affected Software: Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages
CVE ID: CVE-2023-48325
CVSS Score: 4.3 (Medium)
Researcher/s: minhtuanact
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c1a4d8a3-5553-4b1c-b0f8-d6a372de3692
CVE ID: CVE-2023-48325
CVSS Score: 4.3 (Medium)
Researcher/s: minhtuanact
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c1a4d8a3-5553-4b1c-b0f8-d6a372de3692
HUSKY – Products Filter for WooCommerce (formerly WOOF) <= 1.3.4.2 – Missing Authorization via woof_meta_get_keys()
Affected Software: HUSKY – Products Filter for WooCommerce Professional
CVE ID: CVE-2023-40334
CVSS Score: 4.3 (Medium)
Researcher/s: thiennv
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d00edaf1-2a97-4000-afd9-432ca8fa3df4
CVE ID: CVE-2023-40334
CVSS Score: 4.3 (Medium)
Researcher/s: thiennv
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d00edaf1-2a97-4000-afd9-432ca8fa3df4
Post Meta Data Manager <= 1.2.1 – Cross-Site Request Forgery to Post, Term, and User Meta Deletion
Affected Software: Post Meta Data Manager
CVE ID: CVE-2023-5776
CVSS Score: 4.3 (Medium)
Researcher/s: Francesco Carlucci
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d49b8c44-4dad-4990-a8a8-116b424a7dfa
CVE ID: CVE-2023-5776
CVSS Score: 4.3 (Medium)
Researcher/s: Francesco Carlucci
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d49b8c44-4dad-4990-a8a8-116b424a7dfa
Analytify Dashboard <= 5.1.1 – Cross-Site Request Forgery
Affected Software: Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy)
CVE ID: CVE-2023-47841
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d7362f3f-c5d9-4ba0-b9c3-282c58861e2f
CVE ID: CVE-2023-47841
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d7362f3f-c5d9-4ba0-b9c3-282c58861e2f
Booster for WooCommerce <= 7.1.1 – Missing Authorization to Authenticated (Subscriber+) Order Information Disclosure
Affected Software: Booster for WooCommerce
CVE ID: CVE-2023-48333
CVSS Score: 4.3 (Medium)
Researcher/s: Dave Jong
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d94661c1-2d70-4943-9452-b51a76116ebb
CVE ID: CVE-2023-48333
CVSS Score: 4.3 (Medium)
Researcher/s: Dave Jong
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d94661c1-2d70-4943-9452-b51a76116ebb
WooCommerce Parcel Pro <= 1.6.11 – Cross-Site Request Forgery
Affected Software: Parcel Pro
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/dbf54852-f3fe-4c9e-9348-44a73f9a8131
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/dbf54852-f3fe-4c9e-9348-44a73f9a8131
Seraphinite Post .DOCX Source <= 2.16.6 – Cross-Site Request Forgery
Affected Software: Seraphinite Post .DOCX Source
CVE ID: CVE-2023-48279
CVSS Score: 4.3 (Medium)
Researcher/s: Skalucy
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/dfcc2ab2-504d-4151-9435-618e317ce95c
CVE ID: CVE-2023-48279
CVSS Score: 4.3 (Medium)
Researcher/s: Skalucy
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/dfcc2ab2-504d-4151-9435-618e317ce95c
Taxonomy filter <= 2.2.9 – Cross-Site Request Forgery via taxonomy_filter_save_main_settings()
Affected Software: Taxonomy filter
CVE ID: CVE-2023-48282
CVSS Score: 4.3 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e74ff260-48af-4fc2-80d8-1ff2403f8f33
CVE ID: CVE-2023-48282
CVSS Score: 4.3 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e74ff260-48af-4fc2-80d8-1ff2403f8f33
League Table <= 1.13 – Cross-Site Request Forgery
Affected Software: League Table
CVE ID: CVE-2023-48334
CVSS Score: 4.3 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ef7ec175-cee5-4559-909d-ee689158d67c
CVE ID: CVE-2023-48334
CVSS Score: 4.3 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ef7ec175-cee5-4559-909d-ee689158d67c
Abandoned Cart Lite for WooCommerce <= 5.16.0 – Improper Authorization via wcal_preview_emails
Affected Software: Abandoned Cart Lite for WooCommerce
CVE ID: CVE Unknown
CVSS Score: 3.7 (Low)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4edbfeee-b668-4a85-a030-c15d6583dc82
CVE ID: CVE Unknown
CVSS Score: 3.7 (Low)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4edbfeee-b668-4a85-a030-c15d6583dc82
Abandoned Cart Lite for WooCommerce <= 5.16.0 – Improper Authorization via wcal_delete_expired_used_coupon_code
Affected Software: Abandoned Cart Lite for WooCommerce
CVE ID: CVE Unknown
CVSS Score: 3.1 (Low)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/52d1f9a3-243e-4e2c-a752-f40b6d275121
CVE ID: CVE Unknown
CVSS Score: 3.1 (Low)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/52d1f9a3-243e-4e2c-a752-f40b6d275121
File Manager <= 6.3 – Authenticated (Admin+) Arbitrary OS File Access via Path Traversal
Affected Software: File Manager – 100% Free & Open Source File Manager Plugin for WordPress | Bit File Manager
CVE ID: CVE-2023-5907
CVSS Score: 2.2 (Low)
Researcher/s: Dmitrii Ignatyev
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/640b1800-3b59-4b06-a803-08cb76d62d99
CVE ID: CVE-2023-5907
CVSS Score: 2.2 (Low)
Researcher/s: Dmitrii Ignatyev
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/640b1800-3b59-4b06-a803-08cb76d62d99
As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us using our CVE Request form, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
Comments